Comment from developer:

"Unfortunately AutoIt, which Vistumbler is written in, gets flagged as a false positive a lot. Vistumbler has struggled with this since the beginning.
I recently submitted the 10.7 release files to Microsoft for false detection and they removed the false detection, so I think these files are fine. However I have also just submitted a false positive report to Bitdefender, so we can see if they remove it too. If Vistumbler gets flagged by your AV company, my suggestion is to submit it as a false positive to them. I really don't have the time to chase down all these AV companies. -Andrew"

On Thu 8. Apr 2021 at 13.49, Al Varnell via clamav-users <clamav-users@lists.clamav.net> wrote:

> That signature has been in the ClamAV daily.ldb database since Jan 15 and
> appears to be looking for some relatively unique strings:
>
> % sigtool -fWin.Malware.Generic-9819492-0|sigtool --decode-sigs
> VIRUS NAME: Win.Malware.Generic-9819492-0
> TDB: Engine:81-255,Target:1
> LOGICAL EXPRESSION: 0&1&2&3&4
> * SUBSIG ID 0
> +-> OFFSET: ANY
> +-> SIGMOD: WIDE
> +-> DECODED SUBSIGNATURE:
> *Unable to get a list of running processes.
> * SUBSIG ID 1
> +-> OFFSET: ANY
> +-> SIGMOD: WIDE
> +-> DECODED SUBSIGNATURE:
> 0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.
> * SUBSIG ID 2
> +-> OFFSET: ANY
> +-> SIGMOD: WIDE
> +-> DECODED SUBSIGNATURE:
> api-ms-win-core-synch-l1-2-0.dll
> * SUBSIG ID 3
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> internal error: invalid forward reference offset
> * SUBSIG ID 4
> +-> OFFSET: ANY
> +-> SIGMOD: WIDE
> +-> DECODED SUBSIGNATURE:
> Error parsing function call.0Incorrect number of parameters in function call.'"ReDim" used without an array variable.
>
> -Al-
>
> On Apr 8, 2021, at 03:24, Arnaud Jacques <webmas...@securiteinfo.com> wrote:
>
> > Hello,
> >
> > At first look, ClamAV is not the only one that flags it as malware:
> > https://www.virustotal.com/gui/file/071921ede559082a14d54ba7f7f5cea2f6abced8f1747b245efff5d092a1aae4/detection
> >
> > On 08/04/2021 at 11:41, Eero Volotinen wrote:
> >
> > > Thanks. I submitted files via that url.
> > >
> > > clamscan Vistumbler_v1*
> > > /root/Vistumbler_v10-7.exe: OK
> > > /root/Vistumbler_v10-7_Portable.zip: Win.Malware.Generic-9819492-0 FOUND
> > > /root/Vistumbler_v10-7.zip: Win.Malware.Generic-9819492-0 FOUND
> > >
> > > So, looks like this is a false positive on Vistumbler.
> > >
> > > Eero
> > >
> > > On Thu, Apr 8, 2021 at 5:03 AM Al Varnell via clamav-users <clamav-users@lists.clamav.net> wrote:
> > >
> > > > Without knowing the name of the infection I can't provide even a
> > > > guess as to whether it is or not, but the exact answer to your
> > > > question is for you to report it by filling out the form found
> > > > @ https://www.clamav.net/reports/fp including the file itself.
> > > >
> > > > Sent from my iPad
> > > >
> > > > -Al-
> > > >
> > > > On Apr 7, 2021, at 18:03, Eero Volotinen <eero.voloti...@iki.fi> wrote:
> > > >
> > > > > https://raw.github.com/acalcutt/Releases/master/Vistumbler/VistumblerMDB/v10/Vistumbler_v10-7.exe
> > > > >
> > > > > Looks like this is (Vistumbler) detected as false positive.
> > > > >
> > > > > How to fix this?
> > > > >
> > > > > Eero
> > > > >
> > > > > _______________________________________________
> > > > > clamav-users mailing list
> > > > > clamav-users@lists.clamav.net
> > > > > https://lists.clamav.net/mailman/listinfo/clamav-users
> > > > >
> > > > > Help us build a comprehensive ClamAV guide:
> > > > > https://github.com/vrtadmin/clamav-faq
> > > > >
> > > > > http://www.clamav.net/contact.html#ml
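Added example (not part of the thread and not ClamAV code): a small parser for the `sigtool --decode-sigs` layout quoted above that reports which subsignatures a buffer contains, useful when triaging a suspected false positive like this one. It assumes a WIDE subsignature is matched as UTF-16LE and that the logical expression uses only `&`, `|` and parentheses; the function names are hypothetical and `SAMPLE` is constructed from three of the quoted subsignatures, renumbered.

```python
import re

# Constructed sample in the layout `sigtool --decode-sigs` prints in the message
# above: three of its five subsignatures, renumbered, under a made-up name.
SAMPLE = """VIRUS NAME: Example.Constructed-0
LOGICAL EXPRESSION: 0&1&2
* SUBSIG ID 0
+-> OFFSET: ANY
+-> SIGMOD: WIDE
+-> DECODED SUBSIGNATURE:
*Unable to get a list of running processes.
* SUBSIG ID 1
+-> OFFSET: ANY
+-> SIGMOD: WIDE
+-> DECODED SUBSIGNATURE:
api-ms-win-core-synch-l1-2-0.dll
* SUBSIG ID 2
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
internal error: invalid forward reference offset
"""

def parse_decoded(text):
    """Return (logical_expression, [(pattern_bytes, is_wide), ...])."""
    expr = re.search(r"^LOGICAL EXPRESSION: (\S+)$", text, re.M).group(1)
    subsigs = re.findall(
        r"SUBSIG ID \d+\n.*OFFSET.*\n.*SIGMOD: (\w+)\n.*DECODED SUBSIGNATURE:\n(.*)",
        text)
    return expr, [(body.encode("latin-1"), mod == "WIDE") for mod, body in subsigs]

def subsig_hits(data, subsigs):
    """Per-subsignature match; WIDE patterns are searched as UTF-16LE (assumption)."""
    hits = []
    for pattern, wide in subsigs:
        needle = b"".join(bytes([b, 0]) for b in pattern) if wide else pattern
        hits.append(needle in data)
    return hits

def evaluate(expr, hits):
    """Evaluate an expression built only from indices, &, | and parentheses."""
    if not re.fullmatch(r"[0-9&|()]+", expr):
        raise ValueError("unsupported logical expression: " + expr)
    py = re.sub(r"\d+", lambda m: str(hits[int(m.group())]), expr)
    return eval(py.replace("&", " and ").replace("|", " or "), {"__builtins__": {}})
```

Running `subsig_hits` on the bytes of a flagged file shows which strings drive the detection, which is useful detail to include in a false positive report.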